Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

more detectors

Browse source
This commit is contained in:
Dustin Decker 2022-01-18 22:24:42 -08:00
parent 0f6210df14
commit 5596025b0b
636 changed files with 8761 additions and 558 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/detectors/abbysale/abbysale_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAbbysale_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/abstract/abstract_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAbstract_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/abuseipdb/abuseipdb_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAbuseIPDB_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/accuweather/accuweather_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAccuweather_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/adafruitio/adafruitio_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAdafruitIO_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/adobeio/adobeio_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAdobeIO_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/adzuna/adzuna_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAdzuna_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

84
pkg/detectors/agora/agora.go Normal file
View file

@ -0,0 +1,84 @@
package agora
import (
"context"
// "log"
"regexp"
"strings"
"net/http"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
type Scanner struct{}
// Ensure the Scanner satisfies the interface at compile time
var _ detectors.Detector = (*Scanner)(nil)
var (
client = common.SaneHttpClient()
//Make sure that your group is surrounded in boundry characters such as below to reduce false positives
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
)
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"agora"}
}
// FromData will find and optionally verify Agora secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)
matches := keyPat.FindAllStringSubmatch(dataStr, -1)
secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)
for _, match := range matches {
if len(match) != 2 {
continue
}
resMatch := strings.TrimSpace(match[1])
for _, secret := range secretMatches {
if len(secret) != 2 {
continue
}
resSecret := strings.TrimSpace(secret[1])
s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_Agora,
Raw: []byte(resMatch),
}
if verify {
req, _ := http.NewRequest("GET", "https://api.agora.io/dev/v1/projects", nil)
req.SetBasicAuth(resSecret, resMatch)
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
} else {
//This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
continue
}
}
}
}
results = append(results, s1)
}
}
return detectors.CleanResults(results), nil
}

114
pkg/detectors/agora/agora_test.go Normal file
View file

@ -0,0 +1,114 @@
package agora
import (
"context"
"fmt"
"testing"
"time"
"github.com/kylelemons/godebug/pretty"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
func TestAgora_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
id := testSecrets.MustGetField("AGORA")
secret := testSecrets.MustGetField("AGORA_SECRET")
inactiveSecret := testSecrets.MustGetField("AGORA_SECRET_INACTIVE")
type args struct {
ctx context.Context
data []byte
verify bool
}
tests := []struct {
name string
s Scanner
args args
want []detectors.Result
wantErr bool
}{
{
name: "found, verified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a agora secret %s within agora id %s but verified", secret, id)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Agora,
Verified: true,
},
},
wantErr: false,
},
{
name: "found, unverified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a agora secret %s within agora id %s but not valid ", inactiveSecret, id)), // the secret would satisfy the regex but not pass validation
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Agora,
Verified: false,
},
},
wantErr: false,
},
{
name: "not found",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte("You cannot find the secret within"),
verify: true,
},
want: nil,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := Scanner{}
got, err := s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
if (err != nil) != tt.wantErr {
t.Errorf("Agora.FromData() error = %v, wantErr %v", err, tt.wantErr)
return
}
for i := range got {
if len(got[i].Raw) == 0 {
t.Fatal("no raw secret present")
}
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.want); diff != "" {
t.Errorf("Agora.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
}
})
}
}
func BenchmarkFromData(benchmark *testing.B) {
ctx := context.Background()
s := Scanner{}
for name, data := range detectors.MustGetBenchmarkData() {
benchmark.Run(name, func(b *testing.B) {
for n := 0; n < b.N; n++ {
s.FromData(ctx, false, data)
}
})
}
}

2
pkg/detectors/airbrakeprojectkey/airbrakeprojectkey_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAirbrakeProjectKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/airbrakeuserkey/airbrakeuserkey_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAirbrakeUserKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/airship/airship_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAirship_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/airtableapikey/airtableapikey_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAirtableApiKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/airvisual/airvisual_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAirVisual_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/alconost/alconost_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAlconost_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/alegra/alegra_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAlegra_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/aletheiaapi/aletheiaapi_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAletheiaApi_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

81
pkg/detectors/algoliaadminkey/algoliaadminkey.go Normal file
View file

@ -0,0 +1,81 @@
package algoliaadminkey
import (
"context"
// "log"
"regexp"
"strings"
"net/http"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
type Scanner struct{}
// Ensure the Scanner satisfies the interface at compile time
var _ detectors.Detector = (*Scanner)(nil)
var (
client = common.SaneHttpClient()
//Make sure that your group is surrounded in boundry characters such as below to reduce false positives
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"algolia"}) + `\b([a-zA-Z0-9]{32})\b`)
idPat = regexp.MustCompile(detectors.PrefixRegex([]string{"algolia"}) + `\b([A-Z0-9]{10})\b`)
)
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"algolia"}
}
// FromData will find and optionally verify AlgoliaAdminKey secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)
matches := keyPat.FindAllStringSubmatch(dataStr, -1)
idMatches := idPat.FindAllStringSubmatch(dataStr, -1)
for _, match := range matches {
if len(match) != 2 {
continue
}
resMatch := strings.TrimSpace(match[1])
for _, idMatch := range idMatches {
if len(idMatch) != 2 {
continue
}
resIdMatch := strings.TrimSpace(idMatch[1])
s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_AlgoliaAdminKey,
Raw: []byte(resMatch),
}
if verify {
req, _ := http.NewRequest("GET", "https://"+resIdMatch+"-dsn.algolia.net/1/keys", nil)
req.Header.Add("X-Algolia-Application-Id", resIdMatch)
req.Header.Add("X-Algolia-API-Key", resMatch)
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
} else {
//This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
continue
}
}
}
}
results = append(results, s1)
}
}
return detectors.CleanResults(results), nil
}

114
pkg/detectors/algoliaadminkey/algoliaadminkey_test.go Normal file
View file

@ -0,0 +1,114 @@
package algoliaadminkey
import (
"context"
"fmt"
"testing"
"time"
"github.com/kylelemons/godebug/pretty"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
func TestAlgoliaAdminKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
secret := testSecrets.MustGetField("ALGOLIAADMINKEY_TOKEN")
inactiveSecret := testSecrets.MustGetField("ALGOLIAADMINKEY_INACTIVE")
id := testSecrets.MustGetField("ALGOLIAADMINKEY_APPID")
type args struct {
ctx context.Context
data []byte
verify bool
}
tests := []struct {
name string
s Scanner
args args
want []detectors.Result
wantErr bool
}{
{
name: "found, verified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a algolia secret %s within algolia %s", secret, id)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_AlgoliaAdminKey,
Verified: true,
},
},
wantErr: false,
},
{
name: "found, unverified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a algolia secret %s within algolia %s but not valid", inactiveSecret, id)), // the secret would satisfy the regex but not pass validation
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_AlgoliaAdminKey,
Verified: false,
},
},
wantErr: false,
},
{
name: "not found",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte("You cannot find the secret within"),
verify: true,
},
want: nil,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := Scanner{}
got, err := s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
if (err != nil) != tt.wantErr {
t.Errorf("AlgoliaAdminKey.FromData() error = %v, wantErr %v", err, tt.wantErr)
return
}
for i := range got {
if len(got[i].Raw) == 0 {
t.Fatalf("no raw secret present: \n %+v", got[i])
}
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.want); diff != "" {
t.Errorf("AlgoliaAdminKey.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
}
})
}
}
func BenchmarkFromData(benchmark *testing.B) {
ctx := context.Background()
s := Scanner{}
for name, data := range detectors.MustGetBenchmarkData() {
benchmark.Run(name, func(b *testing.B) {
for n := 0; n < b.N; n++ {
s.FromData(ctx, false, data)
}
})
}
}

84
pkg/detectors/alibaba/alibaba.go Normal file
View file

@ -0,0 +1,84 @@
package alibaba
import (
"context"
"regexp"
"time"
"github.com/aliyun/alibaba-cloud-sdk-go/services/ecs"
log "github.com/sirupsen/logrus"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
type Scanner struct{}
// Ensure the Scanner satisfies the interface at compile time
var _ detectors.Detector = (*Scanner)(nil)
var (
keyPat = regexp.MustCompile(`\b(LTAI[a-zA-Z0-9]{17,21})[\"' ;\s]*`)
secretPat = regexp.MustCompile(`\b([a-zA-Z0-9]{30})\b`)
)
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"LTAI"}
}
// FromData will find and optionally verify Alibaba secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)
matches := keyPat.FindAllStringSubmatch(dataStr, -1)
for _, match := range matches {
//Plausible key pat found, look for secrets match
secMatches := secretPat.FindAllStringSubmatch(dataStr, -1)
for _, secMatch := range secMatches {
if len(match) != 2 {
continue
}
s := detectors.Result{
DetectorType: detectorspb.DetectorType_Alibaba,
Raw: []byte(match[1]),
Redacted: match[1],
}
if verify {
ecsClient, err := ecs.NewClientWithAccessKey(
"us-east-1", // your region ID
match[1], // your AccessKey ID
secMatch[1]) // your AccessKey Secret
if err != nil {
log.WithError(err).Debug("error creating alibaba client, skipping")
continue
}
// Create an API request and set parameters
request := ecs.CreateDescribeInstancesRequest()
request.ConnectTimeout = (time.Duration(5) * time.Second)
request.Scheme = "https"
request.Domain = "ecs.aliyuncs.com"
// Initiate the request and handle exceptions
_, err = ecsClient.DescribeInstances(request)
if err != nil {
s.Verified = false
} else {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}
}
return
}

103
pkg/detectors/alibaba/alibaba_test.go Normal file
View file

@ -0,0 +1,103 @@
package alibaba
import (
"context"
"fmt"
"testing"
"time"
"github.com/kylelemons/godebug/pretty"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
func TestAlibaba_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
secret := testSecrets.MustGetField("ALIBABA_SECRET")
secretInactive := testSecrets.MustGetField("ALIBABA_SECRET_INACTIVE")
id := testSecrets.MustGetField("ALIBABA_ID")
type args struct {
ctx context.Context
data []byte
verify bool
}
tests := []struct {
name string
s Scanner
args args
want []detectors.Result
wantErr bool
}{
{
name: "found, verified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("Alibaba keys are here: %s\n %s within", id, secret)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Alibaba,
Verified: true,
Redacted: id,
},
},
wantErr: false,
},
{
name: "found, unverified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("Alibaba keys are here: %s\n %s within", id, secretInactive)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Alibaba,
Verified: false,
Redacted: id,
},
},
wantErr: false,
},
{
name: "not found",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte("You cannot find the secret within"),
verify: true,
},
want: nil,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := Scanner{}
got, err := s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
if (err != nil) != tt.wantErr {
t.Errorf("Alibaba.FromData() error = %v, wantErr %v", err, tt.wantErr)
return
}
for i := range got {
if len(got[i].Raw) == 0 {
t.Fatal("no raw secret present")
}
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.want); diff != "" {
t.Errorf("Alibaba.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
}
})
}
}

2
pkg/detectors/alienvault/alienvault_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAlienVault_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/allsports/allsports_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAllsports_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/amadeus/amadeus_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAmadeus_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/ambee/ambee_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAmbee_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/amplitudeapikey/amplitudeapikey_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAmplitudeApiKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/anypoint/anypoint_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAnypoint_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apacta/apacta_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApacta_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/api2cart/api2cart_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApi2Cart_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apideck/apideck_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApiDeck_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apiflash/apiflash_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApiflash_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apifonica/apifonica_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApifonica_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apify/apify_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApify_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apimatic/apimatic_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAPIMatic_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apiscience/apiscience_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApiScience_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apollo/apollo_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApollo_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/appcues/appcues_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAppcues_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/appfollow/appfollow_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAppfollow_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/appsynergy/appsynergy_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAppSynergy_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/apptivo/apptivo_test.go
View file

@ -16,7 +16,7 @@ import (
func TestApptivo_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/artifactory/artifactory_test.go
View file

@ -16,7 +16,7 @@ import (
func TestArtifactory_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/artsy/artsy_test.go
View file

@ -16,7 +16,7 @@ import (
func TestArtsy_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/asanaoauth/asanaoauth_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAsanaOauth_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/asanapersonalaccesstoken/asanapersonalaccesstoken_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAsanaPersonalAccessToken_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/assemblyai/assemblyai_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAssemblyai_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/audd/audd_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAudd_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/auth0managementapitoken/auth0managementapitoken_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAuth0ManagementApiToken_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/auth0oauth/auth0oauth_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAuth0oauth_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/autodesk/autodesk_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAutodesk_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/autoklose/autoklose_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAutoklose_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/autopilot/autopilot_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAutoPilot_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/aviationstack/aviationstack_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAviationStack_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

96
pkg/detectors/aws/aws.go Normal file
View file

@ -0,0 +1,96 @@
package aws
import (
"context"
"regexp"
"strings"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/pkg/common"
)
type Scanner struct{}
// Ensure the Scanner satisfies the interface at compile time
var _ detectors.Detector = (*Scanner)(nil)
var (
// TODO: Support other key types https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids
keyPat = regexp.MustCompile(`\b(AKIA[0-9A-Z]{16})\b`)
secretPat = regexp.MustCompile(`\b([A-Za-z0-9+/]{40})\b`)
)
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"AKI"}
}
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) ([]detectors.Result, error) {
dataStr := string(data)
var results []detectors.Result
keyMatches := keyPat.FindAllStringSubmatch(dataStr, -1)
secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)
for _, keyMatch := range keyMatches {
if len(keyMatch) != 2 {
continue
}
key := strings.TrimSpace(keyMatch[1])
s := detectors.Result{
DetectorType: detectorspb.DetectorType_AWS,
Raw: []byte(key),
Redacted: key,
}
// TODO: Remove possible matches if they verify positive.
if verify {
for _, secretMatch := range secretMatches {
if len(secretMatch) != 2 {
continue
}
secret := strings.TrimSpace(secretMatch[1])
result, err := callerIdentity(ctx, key, secret)
if err != nil {
// It also errors for signature mismatches on the client side before sending, and it's quite noisy.
continue
}
if result != nil && result.Account != nil {
s.Verified = true
break
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
if len(secretMatches) > 0 {
results = append(results, s)
}
}
return detectors.CleanResults(results), nil
}
func callerIdentity(ctx context.Context, key, secret string) (*sts.GetCallerIdentityOutput, error) {
svc := sts.New(sts.Options{
HTTPClient: common.SaneHttpClient(),
Logger: nil,
Region: "us-west-2",
Credentials: credentials.NewStaticCredentialsProvider(key, secret, ""),
})
result, err := svc.GetCallerIdentity(ctx, nil)
return result, err
}

167
pkg/detectors/aws/aws_test.go Normal file
View file

@ -0,0 +1,167 @@
package aws
import (
"context"
"fmt"
"testing"
"time"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/kylelemons/godebug/pretty"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
func TestScanner_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
secret := testSecrets.MustGetField("AWS_SECRET")
secretInactive := testSecrets.MustGetField("AWS_INACTIVE")
id := testSecrets.MustGetField("AWS")
type args struct {
ctx context.Context
data []byte
verify bool
}
tests := []struct {
name string
args args
wantSecrets []detectors.Result
wantErr bool
}{
{
name: "live key",
args: args{
ctx: ctx,
data: []byte(fmt.Sprintf("You can find a aws secret %s within awsId %s", secret, id)),
verify: true,
},
wantSecrets: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_AWS,
Verified: true,
Redacted: id,
},
},
wantErr: false,
},
{
name: "dead key",
args: args{
ctx: ctx,
data: []byte(fmt.Sprintf("You can find a aws secret %s within awsId %s", secretInactive, id)),
verify: true,
},
wantSecrets: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_AWS,
Verified: false,
Redacted: id,
},
},
wantErr: false,
},
{
name: "not found",
args: args{
ctx: ctx,
data: []byte("You cannot find the secret within"),
verify: true,
},
wantSecrets: nil,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := Scanner{}
got, err := s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
if (err != nil) != tt.wantErr {
t.Errorf("Scanner.FromData() error = %v, wantErr %v", err, tt.wantErr)
return
}
for i := range got {
if len(got[i].Raw) == 0 {
t.Fatal("no raw secret present")
}
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.wantSecrets); diff != "" {
t.Errorf("%s: Scanner.FromData() diff: (-got +want)\n%s", tt.name, diff)
}
})
}
}
func BenchmarkFromData(benchmark *testing.B) {
ctx := context.Background()
s := Scanner{}
for name, data := range detectors.MustGetBenchmarkData() {
benchmark.Run(name, func(b *testing.B) {
for n := 0; n < b.N; n++ {
s.FromData(ctx, false, data)
}
})
}
}
func Test_callerIdentity(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
secret := testSecrets.MustGetField("AWS_SECRET")
secretInactive := testSecrets.MustGetField("AWS_INACTIVE")
id := testSecrets.MustGetField("AWS")
type args struct {
key string
secret string
ctx context.Context
}
tests := []struct {
name string
args args
want *sts.GetCallerIdentityOutput
wantErr bool
}{
{
name: "invalid",
args: args{
key: id,
secret: secretInactive,
ctx: context.Background(),
},
wantErr: true,
},
{
name: "valid",
args: args{
key: id,
secret: secret,
ctx: context.Background(),
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, err := callerIdentity(tt.args.ctx, tt.args.key, tt.args.secret)
if (err != nil) != tt.wantErr {
t.Errorf("callerIdentity() error = %v, wantErr %v", err, tt.wantErr)
return
}
})
}
}

2
pkg/detectors/axonaut/axonaut_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAxonaut_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/aylien/aylien_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAylien_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/ayrshare/ayrshare_test.go
View file

@ -16,7 +16,7 @@ import (
func TestAyrshare_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

87
pkg/detectors/azure/azure.go Normal file
View file

@ -0,0 +1,87 @@
package azure
import (
"context"
"fmt"
"regexp"
"strings"
"github.com/Azure/go-autorest/autorest/azure/auth"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
type Scanner struct{}
// Ensure the Scanner satisfies the interface at compile time
var _ detectors.Detector = (*Scanner)(nil)
func mustFmtPat(id, pat string) *regexp.Regexp {
combinedID := strings.ReplaceAll(id, "_", "") + "|" + id
return regexp.MustCompile(fmt.Sprintf(pat, combinedID))
}
var (
// TODO: Azure storage access keys and investigate other types of creds.
// Azure App Oauth
idPatFmt = `(?i)(%s).{0,20}([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})`
clientIDPat = mustFmtPat("client_id", idPatFmt)
tenantIDPat = mustFmtPat("tenant_id", idPatFmt)
// TODO: support old patterns
secretPatFmt = `(?i)(%s).{0,20}([a-z0-9_\.\-~]{34})`
clientSecretPat = mustFmtPat("client_secret", secretPatFmt)
)
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"azure"}
}
// FromData will find and optionally verify Azure secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)
clientSecretMatches := clientSecretPat.FindAllStringSubmatch(dataStr, -1)
for _, clientSecret := range clientSecretMatches {
tenantIDMatches := tenantIDPat.FindAllStringSubmatch(dataStr, -1)
for _, tenantID := range tenantIDMatches {
clientIDMatches := clientIDPat.FindAllStringSubmatch(dataStr, -1)
for _, clientID := range clientIDMatches {
s := detectors.Result{
DetectorType: detectorspb.DetectorType_Azure,
Raw: []byte(clientSecret[2]),
Redacted: clientID[2],
}
if verify {
cred := auth.NewClientCredentialsConfig(clientID[2], clientSecret[2], tenantID[2])
token, err := cred.ServicePrincipalToken()
if err != nil {
continue
}
err = token.Refresh()
if err == nil {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(s.Redacted, detectors.DefaultFalsePositives, true) {
continue
}
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}
}
}
return detectors.CleanResults(results), nil
}

110
pkg/detectors/azure/azure_test.go Normal file
View file

@ -0,0 +1,110 @@
package azure
import (
"context"
"fmt"
"testing"
"time"
"github.com/kylelemons/godebug/pretty"
"github.com/trufflesecurity/trufflehog/pkg/common"
"github.com/trufflesecurity/trufflehog/pkg/detectors"
"github.com/trufflesecurity/trufflehog/pkg/pb/detectorspb"
)
func TestAzure_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}
secret := testSecrets.MustGetField("AZURE_SECRET")
secretInactive := testSecrets.MustGetField("AZURE_INACTIVE")
id := testSecrets.MustGetField("AZURE_ID")
tenantId := testSecrets.MustGetField("AZURE_TENANT_ID")
type args struct {
ctx context.Context
data []byte
verify bool
}
tests := []struct {
name string
s Scanner
args args
want []detectors.Result
wantErr bool
}{
{
name: "found, verified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf(`
tenant_id=%s
client_id=%s
client_secret=%s
client_secret=%s
`, tenantId, id, secretInactive, secret)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Azure,
Redacted: id,
Verified: true,
},
},
wantErr: false,
},
{
name: "found, unverified",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf(`
tenant_id=%s
client_id=%s
client_secret=%s
`, tenantId, id, secretInactive)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Azure,
Redacted: id,
Verified: false,
},
},
wantErr: false,
},
{
name: "not found",
s: Scanner{},
args: args{
ctx: context.Background(),
data: []byte("You cannot find the secret within"),
verify: true,
},
want: nil,
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := Scanner{}
got, err := s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
if (err != nil) != tt.wantErr {
t.Errorf("Azure.FromData() error = %v, wantErr %v", err, tt.wantErr)
return
}
for i := range got {
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.want); diff != "" {
t.Errorf("Azure.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
}
})
}
}

2
pkg/detectors/bannerbear/bannerbear_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBannerbear_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/baremetrics/baremetrics_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBaremetrics_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/baseapiio/baseapiio_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBaseApiIO_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/beamer/beamer_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBeamer_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/beebole/beebole_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBeebole_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/besttime/besttime_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBesttime_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/billomat/billomat_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBillomat_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bitbar/bitbar_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBitbar_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bitcoinaverage/bitcoinaverage_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBitcoinAverage_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bitfinex/bitfinex_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBitfinex_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bitlyaccesstoken/bitlyaccesstoken_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBitLyAccessToken_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bitmex/bitmex_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBitmex_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/blablabus/blablabus_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBlablabus_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/blazemeter/blazemeter_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBlazemeter_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/blitapp/blitapp_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBlitApp_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/blogger/blogger_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBlogger_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bombbomb/bombbomb_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBombBomb_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/brandfetch/brandfetch_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBrandfetch_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/browshot/browshot_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBrowshot_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/buddyns/buddyns_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBuddyns_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bugherd/bugherd_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBugherd_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bugsnag/bugsnag_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBugsnag_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/buildkite/buildkite_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBuildkite_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/bulbul/bulbul_test.go
View file

@ -16,7 +16,7 @@ import (
func TestBulbul_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/buttercms/buttercms_test.go
View file

@ -16,7 +16,7 @@ import (
func TestButterCMS_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/caflou/caflou_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCaflou_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/calendarific/calendarific_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCalendarific_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/calendlyapikey/calendlyapikey_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCalendlyApiKey_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/calorieninja/calorieninja_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCalorieninja_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/campayn/campayn_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCampayn_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/cannyio/cannyio_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCannyIo_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/capsulecrm/capsulecrm_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCapsuleCRM_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/carboninterface/carboninterface_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCarbonInterface_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/cashboard/cashboard_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCashboard_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/censys/censys_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCensys_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/centralstationcrm/centralstationcrm_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCentralStationCRM_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/chatbot/chatbot_test.go
View file

@ -16,7 +16,7 @@ import (
func TestChatbot_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 3)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners3")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/checio/checio_test.go
View file

@ -16,7 +16,7 @@ import (
func TestChecIO_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/checklyhq/checklyhq_test.go
View file

@ -16,7 +16,7 @@ import (
func TestChecklyHQ_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/checkout/checkout_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCheckout_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecrets(ctx)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners1")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

2
pkg/detectors/cicero/cicero_test.go
View file

@ -16,7 +16,7 @@ import (
func TestCicero_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel()
testSecrets, err := common.GetScannersTestSecretsVersion(ctx, 2)
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "scanners2")
if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err)
}

Some files were not shown because too many files have changed in this diff Show more